DETAILED ACTION

Claims 1-31 are pending. Claims 12-16 and 28-31 are withdrawn from
consideration.

Election/Restrictions

2. Applicant's election with traverse of Group I (claims 1-11 and 17-27) in the reply
filed on 8/31/2007 is acknowledged. The traversal is on the ground(s) that there is not a 
serious burden to the Examiner in examining all of the claims. This is not found 
persuasive because the subject matter of the groups of claims diverges which would 
necessitate separate searches and rejections for multiple groups of claims. This would 
impose a serious burden upon the Examiner. 

The requirement is still deemed proper and is therefore made FINAL. 



Claim Objections

3. Claim 1 is objected to because of the following informalities:

a. Claim 1 provides two periods at the end of the claim.

b. Appropriate correction is required.

Claim Rejections - 35 USC § 102



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

4. Claims 17-21 are rejected under 35 U.S.C. 102(a) as being anticipated by
Syvanne et al EP 1,317,112.

5. With regards to claim 17, Syvanne teaches a method of screening incoming 
packets (Syvanne, paragraph 0012, stateful filtering of packets), comprising: detecting 
an establishment of a firewall session between a mobile station logged onto a GPRS 
network and a system on a packet data network (Syvanne, paragraph 0019, detects 
registration of a new mobile entity using SIP, paragraph 0029, data connectivity may be 
based on GTP tunneling protocol, paragraph 0036, GPRS); detecting an end to the 
firewall session (Syvanne, paragraph 0032, connection moved from being handled by 
one firewall to another, paragraph 0022, firewall deletes entries in its entity table, 
paragraph 0041, receives message from other firewall and updates/deletes sessions); 
and sending a request to a Gi firewall protecting the gateway support node from attacks 
from the packet data network to remove the firewall session from an associated firewall 
session list (Syvanne, paragraph 0022, firewall deletes entries in its entity table, 
paragraph 0041, receives message from other firewall and updates/deletes sessions). 

6. With regards to claim 18, Syvanne teaches a method of screening incoming
packets (Syvanne, paragraph 0012, stateful filtering of packets), comprising: adding a 
firewall session identifier to a firewall session list when a new firewall session for user 
traffic coming from a GTP tunnel is created and when the user traffic does not belong to 
an existing firewall session (Syvanne, paragraph 0038, if the mobile entity is not 
currently active in any firewall then a new entry is added); receiving a message to 
indicate the firewall session is no longer active (Syvanne, paragraph 0032, connection 
moved from being handled by one firewall to another, paragraph 0022, firewall deletes 
entries in its entity table, paragraph 0041, receives message from other firewall and 
updates/deletes sessions); and indicating the firewall session is no longer active on the 
firewall session list (Syvanne, paragraph 0022, firewall deletes entries in its entity table, 
paragraph 0041, receives message from other firewall and updates/deletes sessions). 

7. With regards to claim 19, Syvanne teaches indicating the firewall session is no 
longer active on the firewall session list includes removing the active firewall session 
from the firewall session list (Syvanne, paragraph 0032, connection moved from being 
handled by one firewall to another, paragraph 0022, firewall deletes entries in its entity 
table, paragraph 0041, receives message from other firewall and updates/deletes 
sessions). 

8. With regards to claim 20, Syvanne teaches indicating the firewall session is no 
longer active on the firewall session list includes marking the firewall session as inactive 
on the firewall session list (Syvanne, paragraphs 0022, 0032, 0043, when firewall 
session is inactive at the firewall the session is moved from the first to the second
mobile entity table). 

9. With regards to claim 21, Syvanne teaches dropping packets associated with 
the no longer active firewall session (Syvanne, paragraph 0037, restricts connections 
and packets that are defined as unwanted). 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

10. Claims 1-11 and 22-25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Syvanne et al EP 1,317,112 in view of Kavanagh US PGPub 
2003/0081607. 

11. With regards to claim 1, Syvanne teaches a method of screening incoming
packets (Syvanne, paragraph 0012, stateful filtering of packets), comprising: detecting a 
request to establish a connection from a first network to a packet data network 
(Syvanne, paragraph 0019, detects registration of a new mobile entity using SIP, 
paragraph 0029, data connectivity may be based on GTP tunneling protocol); detecting 
establishment of a tunnel, wherein the tunnel has a support node at each end of the 
tunnel (Syvanne, paragraph 0019, detects registration of a new mobile entity using SIP, 
paragraph 0034, GTP tunnel connection between SGSN and GGSN), one of the
support nodes being a gateway to the packet data network (Syvanne, paragraph 0034, 
GTP tunnel connection between SGSN and GGSN gateways), wherein the tunnel is 
used to convey user traffic and the user traffic through the tunnel can have one or more 
associated firewall sessions on a firewall outside the tunnel (Syvanne, paragraphs 
0033-0034, tunnels used to convey user data from mobile nodes, paragraph 0032, can 
have tunnel connection through firewall 204 and 205); and sending a request to the 
firewall to clear the one or more firewall sessions (Syvanne, paragraph 0022, firewall 
deletes entries in its entity table, paragraph 0041, receives message from other firewall 
and updates/deletes sessions). Syvanne fails to teach detecting a tear down of the 
tunnel. However, Kavanagh teaches detecting a tear down of the tunnel (Kavanagh, 
paragraph 0010, receives Detach Request message and initiates tunnel tear down). At 
the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to utilize Kavanagh's method of tearing down tunnels with GTP Detach 
Requests because it offers the advantage of reducing malicious attacks because 
system resources are not wasted because all GTP requests require a response 
(Kavanagh, paragraph 0011).

12. With regards to claim 2, Syvanne as modified teaches detecting a tear down of 
the tunnel includes detecting the tear down of a GTP tunnel within the first network 
(Kavanagh, paragraph 0010, receives Detach Request message and initiates tunnel 
tear down, Syvanne, paragraph 0029, data connectivity may be based on GTP 
tunneling protocol). 

13. With regards to claim 3, Syvanne as modified teaches stopping passage of
packets to the first network originating from the packet data network and associated 
with a firewall session that is not on the firewall session list (Syvanne, paragraph 0037, 
restricts connections and packets that are defined as unwanted). 

14. With regards to claim 4, Syvanne as modified teaches dropping packets 
originating from the packet data network and not associated with a firewall session 
identifier on the firewall session list (Syvanne, paragraph 0037, restricts connections 
and packets that are defined as unwanted). 

15. With regards to claim 5, Syvanne as modified teaches detecting the tear down 
of the tunnel includes detecting GTP delete tunnel request and response messages 
(Kavanagh, paragraph 0010, receives Detach Request message and initiates tunnel 
tear down). 

16. With regards to claim 6, Syvanne as modified teaches clearing the one or more 
firewall sessions from a firewall session list (Syvanne, paragraph 0022, firewall deletes 
entries in its entity table). 

17. With regards to claim 7, Syvanne as modified teaches adding a firewall session 
to a firewall session list at a time when a new tunnel is created (Syvanne, paragraph 
0038, if the mobile entity is not currently active in any firewall then a new entry is 
added). 

18. With regards to claim 8, Syvanne as modified teaches inspecting packets in the 
tunnel to detect firewall session information (Kavanagh, paragraph 0013, analyze 
packets in GTP tunnel using a plurality of filtering criteria). 

19. With regards to claim 9, Syvanne as modified teaches determining at least one
of a source address and a destination address of the packets in the tunnel (Kavanagh, 
paragraph 0013, verifies correct source and destination addresses). 

20. With regards to claim 10, Syvanne as modified teaches detecting establishment 
of the tunnel includes determining the one or more firewall sessions associated with the 
tunnel (Syvanne, paragraph 0032, firewalls share data about tunnel firewall sessions 
passing through them, paragraph 0038, share data to form second mobile entity table of 
other sessions in other firewalls). 

21. With regards to claim 11, Syvanne teaches detecting establishment of the
tunnel includes determining two or more firewall sessions associated with the tunnel 
(Syvanne, paragraph 0032, firewalls share data about tunnel firewall sessions passing 
through them, paragraph 0038, share data to form second mobile entity table of other 
sessions in other firewalls). 

22. With regards to claim 22, Syvanne teaches a system for screening incoming 
packets (Syvanne, paragraph 0012, stateful filtering of packets), comprising: a GTP 
firewall having a GTP communication module (Syvanne, paragraph 0034, firewall with 
GTP tunnel communications passing through). Syvanne fails to teach a firewall tear 
down engine. However, Kavanagh teaches a Gi communication module that is 
operable to receive an instruction from the GTP communication module to tear down a 
firewall session, a firewall session list and a tear down engine that removes inactive 
firewall sessions from the firewall session list when the tear down engine receives the 
instruction from the GTP communication module (Kavanagh, paragraph 0010, receives 
Detach Request message and initiates tunnel tear down). At the time the invention was
made, it would have been obvious to a person of ordinary skill in the art to utilize 
Kavanagh's method of tearing down tunnels with GTP Detach Requests because it 
offers the advantage of reducing malicious attacks because system resources are not 
wasted because all GTP requests require a response (Kavanagh, paragraph 0011). 

23. With regards to claim 23, Syvanne as modified teaches the GTP firewall is 
operable to detect a GTP tunnel tear down (Kavanagh, paragraph 0010, receives 
Detach Request message and initiates tunnel tear down). 

24. With regards to claim 24, Syvanne as modified teaches the GTP firewall is 
operable to detect a firewall session end (Syvanne, paragraph 0032, connection moved 
from being handled by one firewall to another, paragraph 0022, firewall deletes entries 
in its entity table, paragraph 0041, receives message from other firewall and 
updates/deletes sessions). 

25. With regards to claim 25, Syvanne as teaches a GTP firewall includes a Gn 
firewall provided at a Gn interface (Syvanne, paragraph 0034, firewall 305 between 
SGSN and GGSN). 

26. Claims 26-27 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Syvanne et al EP 1,317,112 and Kavanagh US PGPub 2003/0081607, as applied to 
claim 22 above, and in further view of Gopal et al "User plane Firewall for 3G Mobile 
Network." 

27. With regards to claim 26, Syvanne as modified fails to teach the GTP firewall
includes a Gp firewall provided at a Gp interface. However, Gopal teaches the GTP 
firewall includes a Gp firewall provided at a Gp interface (Gopal, page 2118, stateful 
firewall at Gp interface). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to utilize Gopal's method of providing a 
firewall at the Gp interface because it offers the advantage of defending against attacks 
that are targeted at the wireless infrastructure (Gopal, page 2118). 

28. With regards to claim 27, Syvanne as modified fails to teach the GTP firewall is 
located on a device; and the Gi firewall is located on the device. However, Gopal 
teaches the GTP firewall is located on a device; and the Gi firewall is located on the 
device (Gopal, page 2117, column 2, firewall policy at Gi interface). At the time the 
invention was made, it would have been obvious to a person of ordinary skill in the art to 
utilize Gopal's method of including a Gi firewall on the device because it offers the 
advantage of reducing the vulnerability of future telecommunications networks to 
attacks while still allowing voice and streaming services for users to pass from the user 
plane (Gopal, page 2117).

Conclusion 



The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Syvanne et al US PGPub 2003/0117993 discloses a system for handling
connections moving between firewalls.

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Andrew L. Nalven whose telephone number is 571 272 
3839. The examiner can normally be reached on Monday - Thursday 8-6, Alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571 272 3811. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




